NOVAHA ShmooCon Epilogue, Graph Theory, Attack Trees & Attack Graphs

I have been interested in graph theory since I worked for the railroad back in the 90’s and even further back when I was working on my degree in the 80’s. Last year, as a side project (we all seem to have them), I asked the question “Has graph theory been applied to cybersecurity”. The answer was yes. I discovered 10’s of papers, some great and some not so good, but many more then I realized existed. I also found sample code, working templates and even two commercial products.

After my IPv6 presentation was not accepted for Schmoocon 2012, I decided to present my attack graph findings at the NOVAHA ShmooCon Epilogue event. The event was great, I learned things from all of the speakers, and had many good side discussions.